Fundraising for FreeBSD security development

Dear FreeBSD users,

Slightly more than three years ago, I released FreeBSD Update, my first
major contribution to FreeBSD. Since then, I have become a FreeBSD
committer, joined the FreeBSD Security Team, released Portsnap, and
become the FreeBSD Security Officer. However, as I have gone from
being a graduate student at Oxford University -- busy writing my thesis
-- to a researcher at Simon Fraser University -- busy doing research
and writing papers -- my "to do" list of FreeBSD-related work has
continued growing, and I have now come to realize that some of the
items on that list will probably never be finished until I get a chance
to work full-time on FreeBSD.

This is where you come in. I'm hoping to raise $15,000 Canadian (about
US$13,000) to pay me to work full-time on FreeBSD for 16 weeks over the
summer. This will allow me to devote more time to my role as FreeBSD
Security Officer, perform a complete overhaul of FreeBSD Update, and
make some significant improvements to Portsnap.

Based on my estimates of the number of systems currently using Portsnap
and FreeBSD Update (about 8500 and 4500 respectively based on my server
logs) this works out to one US dollar per computer (or two dollars for
systems using both Portsnap and FreeBSD Update); I don't think this is
an unreasonable amount to ask for even if I only receive donations
from people who are using Portsnap or FreeBSD Update. That said, if
I don't reach my target for donations, I'll get as much work done within
the time I have funds for before returning to other paying work (most
likely at the university again).

Donations can be sent by paypal to cperciva@freebsd.org; if you would
prefer to send a cheque (which is probably only worthwhile for cheques
in Canadian or US dollars), please contact me by email to obtain my
mailing address. In either case, please let me know if you wish to
remain anonymous.

Colin Percival

Details

1. What do I plan on doing?

As much as I can of the following, in approximate order of priority:

Give priority to my role as FreeBSD Security Officer.

At times in the past few months, I've felt obliged to devote myself to
the work which I was being paid to perform, rather than spending time
on the (volunteer) position of FreeBSD Security Officer. While I would
not say that this has had a major adverse effect upon the security of
FreeBSD, there are some minor issues which would likely have been fixed
more promptly, or would have received better-written advisories, if I
had not been struggling to get a paper submitted before a conference
deadline.

Clearly if I am being paid to work on FreeBSD, this won't be a problem.

Rewrite FreeBSD Update.

When I first wrote FreeBSD Update, the FreeBSD base system was a mess.
Due to cryptographic export restrictions, some binaries existed in up
to four different versions depending upon which set of cryptographic
code (if any) was installed; further, a number of binaries would
compile completely differently each time they were built (which caused
particular problems for FreeBSD Update). In the past three years,
these problems have been fixed, so much of the ugly hackery which was
involved in FreeBSD Update is no longer necessary.

On the other hand, I made some assumptions when I wrote FreeBSD Update
which have caused problems. I assumed that binary updates would be
built after the associated patches had been committed to CVS; ever
since I joined the FreeBSD Security Team in 2004, this hasn't been the
case, but I've had to engage in some ugly hackery to get binary updates
built before committing to CVS. Further, I assumed that people would
always want to update everything and wouldn't care which advisory was
responsible for a particular update; neither of these assumptions
turned out to be true.

My goals for rewriting FreeBSD Update are:

Users will be able to update their World, Kernel(s), and Source code
separately; this will make FreeBSD Update more usable by people with
custom kernels.

The build code will be vastly simpler and cleaner due to the cleaning
which has happened to the src tree over the past few years; this will
make the FreeBSD Update build code usable by people who want to build
their own updates (e.g., to include their own customizations).

Non-i386 architectures will be supported. At the moment the client
code works on most platforms, but as far as I know the build code
doesn't. AMD64 builds will happen first, while other platforms will
depend upon demand and the availability of build hardware.

The update-building will be on hardware managed by the FreeBSD Security
Team and other team members will be able to start builds; this will
allow FreeBSD Update to (finally) be officially supported by the
project.

I'll be discussing my plans with other developers at the BSDCan developer
summit, so there will probably be more items added to this list.

Improvements to Portsnap

I've published the portsnap mirroring code, but the portsnap build code
needs to be cleaned up before I release it.

As Matthew Seaman has pointed out to me, it should be possible to speed
up the portsnap INDEX builds by only running "make describe" in the
directories where the port metadata might have changed (in the same way
that Matthew's Portindex operates). This will require a significant
amount of work due to the internal mechanics of how the builds are done,
but should speed up portsnap builds from around one hour to around 15
minutes (which means a correspondingly shorter delay between a CVS
commit and being able to fetch the updates using the portsnap client).
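The incremental INDEX rebuild described above, as an added example that is not part of this page or of portsnap's build code. It assumes INDEX lines are '|'-separated with the port's origin directory in the second field, that a change under Mk/ or Templates/ can alter any port's metadata, and that the caller supplies a describe() callback standing in for "make describe" (here a lookup into a constructed sample tree). Everything not touched by a changed path keeps its old INDEX entry.

```python
from typing import Callable, Dict, Iterable, List, Optional, Set, Tuple

PORTSDIR = "/usr/ports"

# Assumption for this example: a change under these shared-infrastructure
# directories may alter the metadata of every port, so everything is redone.
GLOBAL_PREFIXES = ("Mk/", "Templates/")
# Top-level directories that never hold ports (assumed list).
NON_PORT_DIRS = {"Mk", "Templates", "Tools", "distfiles", "packages"}


def port_of(path: str) -> Optional[str]:
    """Map a path relative to PORTSDIR to its 'category/port' origin.

    Only files inside a port directory (category/port/...) count; top-level
    files, category Makefiles and infrastructure directories give None.
    """
    parts = path.split("/")
    if len(parts) < 3 or parts[0] in NON_PORT_DIRS:
        return None
    return parts[0] + "/" + parts[1]


def ports_to_redescribe(changed: Iterable[str], known_ports: Iterable[str]) -> Set[str]:
    """Ports whose 'make describe' output must be regenerated."""
    changed = list(changed)
    affected = {p for p in (port_of(c) for c in changed) if p is not None}
    if any(c.startswith(GLOBAL_PREFIXES) for c in changed):
        affected |= set(known_ports)      # infrastructure changed: redo all
    return affected


def origin_key(index_line: str) -> str:
    """'category/port' taken from an INDEX line's origin field."""
    origin = index_line.split("|")[1]
    return origin[len(PORTSDIR) + 1:]


def rebuild_index(old_index: List[str], changed: Iterable[str],
                  describe: Callable[[str], Optional[str]]) -> Tuple[List[str], List[str]]:
    """Return (new INDEX lines, ports that were re-described).

    describe(port) returns the port's new INDEX line, or None if the port
    directory no longer exists (its stale entry is then dropped).
    """
    entries: Dict[str, str] = {origin_key(line): line for line in old_index}
    redone: List[str] = []
    for port in sorted(ports_to_redescribe(changed, entries)):
        line = describe(port)
        redone.append(port)
        if line is None:
            entries.pop(port, None)
        else:
            entries[port] = line
    return [entries[k] for k in sorted(entries)], redone


# Constructed sample data: a three-entry INDEX, the tree after an update,
# and the list of paths that changed between the two snapshots.
SAMPLE_OLD_INDEX = [
    "sudo-1.6.8.12|/usr/ports/security/sudo|/usr/local|Allow others to run commands as root",
    "tcpdump-3.9.4|/usr/ports/net/tcpdump|/usr/local|Ubiquitous network sniffing tool",
    "oldport-1.0|/usr/ports/net/oldport|/usr/local|A port that has since been removed",
]
SAMPLE_TREE = {   # what "make describe" would print in each surviving port
    "security/sudo": "sudo-1.6.8.13|/usr/ports/security/sudo|/usr/local|Allow others to run commands as root",
    "net/tcpdump": SAMPLE_OLD_INDEX[1],
    "security/portsnap": "portsnap-1.0|/usr/ports/security/portsnap|/usr/local|Constructed sample entry",
}
SAMPLE_CHANGED = [
    "security/sudo/Makefile", "security/sudo/distinfo",   # version bump
    "security/portsnap/Makefile",                          # new port
    "net/oldport/Makefile",                                # port removed
    "security/Makefile", "INDEX-6",                        # no port affected
]


def demo() -> Tuple[List[str], List[str]]:
    return rebuild_index(SAMPLE_OLD_INDEX, SAMPLE_CHANGED, SAMPLE_TREE.get)


if __name__ == "__main__":
    new_index, redone = demo()
    print("re-described:", redone)
    print("\n".join(new_index))
```

Running it re-describes three of the four ports touched and leaves tcpdump's line as it was. One thing the example deliberately does not handle: a slave port whose Makefile includes another port's Makefile (MASTERDIR) changes metadata when the master changes, so a production version needs cross-directory dependency tracking on top of this path-based rule.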

I should be able to improve the mirroring code to make it use much
less bandwidth. Right now it uses around one thousand times more
bandwidth than an individual client machine; as a result, I've been
asking people to use the existing mirrors rather than creating their
own, but for a variety of reasons this isn't ideal for everybody.

One often-voiced complaint about Portsnap is that it will wipe out
local changes when it updates a port. By keeping track of which
files are supposed to exist, I think I can make portsnap handle
local changes more intelligently, at least to the point where extra
files added by the user (e.g., a new patch in the files/
directory, or a Makefile.local file) will be left untouched.
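The "keep track of which files are supposed to exist" idea above, as an added example that is not portsnap's code. It assumes a manifest (path to SHA-256) for the files the previous snapshot installed and one for the new snapshot, and works on an in-memory directory so it runs stand-alone. Files present in neither manifest are the user's own and are never touched; how a managed file the user has edited is treated is this example's policy (keep the user's copy and report it), not portsnap's.

```python
import hashlib
from typing import Dict, List, Tuple


def digest(data: bytes) -> str:
    """SHA-256 hex digest; both manifests key on content hashes."""
    return hashlib.sha256(data).hexdigest()


def apply_update(tree: Dict[str, bytes], old_manifest: Dict[str, str],
                 new_manifest: Dict[str, str], payload: Dict[str, bytes]
                 ) -> Tuple[Dict[str, bytes], Dict[str, List[str]]]:
    """Bring a working tree from old_manifest to new_manifest.

    tree:         path -> contents of the user's current ports directory
    old_manifest: path -> digest of what the last snapshot installed
    new_manifest: path -> digest of what the new snapshot should contain
    payload:      digest -> contents for every file in new_manifest
    Returns the updated tree and a report of what was done.
    """
    tree = dict(tree)
    report: Dict[str, List[str]] = {
        k: [] for k in ("added", "updated", "removed", "kept_local", "kept_modified")}

    for path, want in new_manifest.items():
        have = digest(tree[path]) if path in tree else None
        if have == want:
            continue                              # already current
        if have is not None and have != old_manifest.get(path):
            # Managed file edited by the user: keep theirs (example policy).
            report["kept_modified"].append(path)
            continue
        tree[path] = payload[want]
        report["added" if have is None else "updated"].append(path)

    for path, had in old_manifest.items():
        if path in new_manifest or path not in tree:
            continue                              # still managed, or gone
        if digest(tree[path]) == had:
            del tree[path]                        # removed upstream, unedited
            report["removed"].append(path)
        else:
            report["kept_modified"].append(path)

    for path in tree:
        if path not in old_manifest and path not in new_manifest:
            report["kept_local"].append(path)     # user-added, left alone

    for paths in report.values():
        paths.sort()
    return tree, report


# Constructed sample: one port before and after an update, plus two files
# the user added locally (a patch under files/ and a Makefile.local).
OLD_FILES = {
    "security/sudo/Makefile": b"PORTNAME=\tsudo\nPORTVERSION=\t1.6.8.12\n",
    "security/sudo/distinfo": b"MD5 (sudo-1.6.8.12.tar.gz) = 0123\n",
    "security/sudo/files/patch-aa": b"--- configure.orig\n",
    "security/sudo/pkg-message": b"sudo installed\n",
}
NEW_FILES = {
    "security/sudo/Makefile": b"PORTNAME=\tsudo\nPORTVERSION=\t1.6.8.13\n",
    "security/sudo/distinfo": OLD_FILES["security/sudo/distinfo"],
    "security/sudo/files/patch-aa": OLD_FILES["security/sudo/files/patch-aa"],
    "security/sudo/pkg-descr": b"Allow others to run commands as root\n",
}
LOCAL_EXTRAS = {
    "security/sudo/files/patch-local": b"--- Makefile.in.orig\n",
    "security/sudo/Makefile.local": b"CFLAGS+=\t-O2\n",
}


def manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    return {p: digest(c) for p, c in files.items()}


def payload(files: Dict[str, bytes]) -> Dict[str, bytes]:
    return {digest(c): c for c in files.values()}


def demo(modified_distinfo: bool = False):
    tree = {**OLD_FILES, **LOCAL_EXTRAS}
    if modified_distinfo:                         # user edited a managed file
        tree["security/sudo/distinfo"] = b"MD5 (sudo-1.6.8.12.tar.gz) = ffff\n"
    return apply_update(tree, manifest(OLD_FILES), manifest(NEW_FILES), payload(NEW_FILES))


if __name__ == "__main__":
    _, rep = demo()
    for kind, paths in rep.items():
        print(kind, paths)
```

The report is what a user would want to see after an update: Makefile updated, pkg-descr added, pkg-message removed, and the two local files listed as kept. Comparing against the old manifest's digest, rather than just the new one, is what distinguishes "the user changed this" from "this is simply out of date".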

2. How much money do I need?

I'm hoping to raise $15,000 Canadian (about US$13,000). This is
approximately what I would earn by working at the university -- I say
"approximately" because the university pays some payroll taxes and
provides some benefits, so I'm really not sure if this amount will end
up being more or less than I would earn from the university.

Note that this is absolutely not what I'd earn if I was doing
research or writing code for a large company -- this rate applies when
I'm doing the work I want to do (whether it is academic research
or working on FreeBSD).

3. How can people donate?

Via paypal to cperciva@FreeBSD.org, or by cheque (email me
for my address). Wire transfers might be possible, but I haven't
investigated this -- I'll look into this if/when necessary.

UPDATE: Another possibility, which probably only applies to Canadians,
is an Interac "email money transfer".

4. How little/much can people donate?

Due to paypal's transaction fees, anything less than $5 isn't very
practical. For cheques, I don't have to pay any fees to accept
Canadian dollar cheques, but US dollar cheques less than $10 probably
aren't practical; for other currencies (e.g., UK Pounds or Euros) I
don't know how large the bank fees are, but they're probably rather
large.

As for an upper limit: If you're considering donating more than $1000,
it's probably worth contacting me first to see if we can avoid paying
paypal's transaction fee, since it becomes rather large by that point.
Aside from that, please check the running total (see the next question)
and contact me before sending a large donation if I'm already close to
my target.

5. How much has been donated so far?

I have received the following donations (dates are in UTC; for cheques,
and for funds which paypal marked as "pending" for a few days, the date
reflects when I received the funds, not when they were sent):

Date        Source                            Amount
2006-03-30  Christian Laursen                 50.00 USD
2006-03-30  Nicholas Evans                    100.00 USD
2006-03-30  Helen Marks                       20.00 GBP
2006-03-30  Thoumie Florent                   15.00 EUR
2006-03-30  Peter Thoenen                     50.00 CAD
2006-03-30  Chris Buechler                    20.00 USD
2006-03-30  FreeBSD Brasil LTDA               50.00 CAD
2006-03-30  Randall Ehren                     20.00 USD
2006-03-30  Thomas Øksnes                     50.00 USD
2006-03-30  John Nielsen                      15.00 USD
2006-03-30  Ryan Taylor                       50.00 USD
2006-03-30  Thomas Vogt                       150.00 USD
2006-03-30  Anonymous                         75.00 USD
2006-03-30  Arjan van Leeuwen                 50.00 EUR
2006-03-30  Mikhail Goriachev                 100.00 AUD
2006-03-30  Lucas Holt                        10.00 USD
2006-03-30  Daniel Nebdal                     20.00 CAD
2006-03-31  Kenneth Stox                      200.00 USD
2006-03-31  Phillip Murray                    100.00 AUD
2006-03-31  Coast to Coast Hosting            20.00 USD
2006-03-31  Danny Puckett                     20.00 USD
2006-03-31  Patrick Collins                   50.00 AUD
2006-03-31  Eric Anderson                     100.00 USD
2006-03-31  Manuel Chaviano                   10.00 USD
2006-03-31  Matt Jarjoura                     25.00 USD
2006-03-31  Jakob Breivik Grimstveit          10.00 USD
2006-03-31  "SorAlx"                          20.48 CAD
2006-03-31  Aloha Consulting                  20.00 USD
2006-03-31  Joe Stevensen                     25.00 USD
2006-03-31  Alessandro de Manzano             50.00 EUR
2006-03-31  Frederico Costa                   35.00 GBP
2006-03-31  Tobias Roth                       50.00 USD
2006-03-31  basis06 AG                        50.00 CAD
2006-03-31  Fedder Skovgaard                  15.00 USD
2006-03-31  Motrix Data                       50.00 EUR
2006-03-31  Omer Faruk Sen & EnderUNIX.ORG    40.00 USD
2006-03-31  James Snow                        81.92 USD
2006-03-31  Paul Dekkers                      25.00 EUR
2006-03-31  Michael Proto                     15.00 USD
2006-03-31  Beat Gätzi                        100.00 CAD
2006-03-31  William Harris                    25.00 USD
2006-03-31  Calvin Ng                         15.00 USD
2006-03-31  Charles Sprickman                 30.00 USD
2006-03-31  Jean-Michel Lacroix               10.00 USD
2006-03-31  Jeff Thomas                       50.00 USD
2006-03-31  Brad Robertson                    50.00 USD
2006-04-01  Jonas Sonntag                     20.00 EUR
2006-04-01  Adam Baldwin                      35.00 USD
2006-04-01  RetroWeb.net                      30.00 USD
2006-04-01  David Stanford                    15.00 USD
2006-04-01  Lars Cleary                       50.00 USD
2006-04-01  Gustav Bylesjö                    25.00 EUR
2006-04-01  Olivier Saut                      20.00 EUR
2006-04-01  Chih-Chang Hsieh                  50.00 USD
2006-04-01  DNS Watchdog                      10.00 USD
2006-04-01  Joshua Tolbert                    50.00 USD
2006-04-02  Mikko Tyolajarvi                  50.00 USD
2006-04-02  Andre Arko                        50.00 USD
2006-04-02  Royce Williams                    50.00 USD
2006-04-02  TaoSecurity LLC                   100.00 USD
2006-04-02  KENJI IKEDA                       100.00 USD
2006-04-02  David Dapena Garrido              20.00 EUR
2006-04-02  Sean Dicks                        25.00 CAD
2006-04-03  Anonymous                         30.00 USD
2006-04-03  TAISEI IZUMI                      20.00 CAD
2006-04-03  Mark Mellis                       100.00 USD
2006-04-03  Yoan Talagrand                    30.00 USD
2006-04-03  MAKOTO MATSUSHITA                 20.00 USD
2006-04-03  Eric Ziegast                      25.00 USD
2006-04-04  Panagiotis Christias              55.00 EUR
2006-04-04  Remko Lodder                      100.00 EUR
2006-04-04  Ben Lake                          10.00 USD
2006-04-04  Alan Batie                        5.00 USD
2006-04-04  PZINTERNET.COM                    18.00 CAD
2006-04-04  Jetpants.com                      10.00 USD
2006-04-04  Tod Oace                          25.00 USD
2006-04-04  DaveG.ca                          20.00 CAD
2006-04-04  JongHwan Park                     15.00 CAD
2006-04-04  Simonas Kareiva                   8.30 CAD
2006-04-04  Martin Ziegler                    20.00 CAD
2006-04-04  Peter Vermeulen                   10.00 USD
2006-04-04  Christopher Knight                30.00 CAD
2006-04-04  Jean-Francois Dockes              10.00 USD
2006-04-04  NAKAMURA Takeshi                  5000 JPY
2006-04-04  Björn König                       16.00 EUR
2006-04-04  Angel Lafuente Echeazarra         20.00 EUR
2006-04-04  Anonymous                         5.00 USD
2006-04-04  Russell Meek                      30.00 USD
2006-04-04  Koichi Suzuki                     100.00 USD
2006-04-04  Daniel Seuffert                   200.00 USD
2006-04-04  Issei Suzuki                      5000 JPY
2006-04-04  Egidijus Serplis                  20.00 CAD
2006-04-04  Gideon Klok                       1.00 EUR
2006-04-04  Philippe Lang                     50.00 USD
2006-04-04  Silicon Landmark, LLC             30.00 USD
2006-04-04  Peter Quilty                      30.00 USD
2006-04-04  Robert Beer                       10.00 USD
2006-04-04  JUNICHIRO MINAMI                  50.00 USD
2006-04-04  Matthew Kanner                    75.00 CAD
2006-04-04  Ironsystems Inc                   35.00 USD
2006-04-04  Mickey Boyd                       20.00 USD
2006-04-04  Steven Kirk                       10.00 USD
2006-04-04  Konstantin Saurbier               100.00 EUR
2006-04-04  Celso Viana                       10.00 USD
2006-04-04  Dario Cardoso                     10.00 USD
2006-04-04  Andre Nicolai                     10.00 USD
2006-04-04  Patrick Tracanelli                20.00 USD
2006-04-04  Bart Frackiewicz                  20.00 EUR
2006-04-04  Wayne Lee                         15.00 USD
2006-04-05  Adrian Wontroba                   10.00 GBP
2006-04-05  Dirk Estenfeld                    20.00 EUR
2006-04-05  Ricardo Alves Reis                5.00 USD
2006-04-05  Datapipe.com                      100.00 USD
2006-04-05  George Neville-Neil               100.00 CAD
2006-04-05  Michael Benjamin                  5.00 USD
2006-04-05  Daniel Parriott                   20.00 USD
2006-04-05  Cory Bajus                        20.00 CAD
2006-04-05  Sam Lawrance                      50.00 CAD
2006-04-06  Seamus Hartmann                   100.00 USD
2006-04-08  Katsuji Ishikawa                  33.00 USD
2006-04-09  Justin Hopper                     100.00 USD
2006-04-10  Terje With Lunndal                20.00 USD
2006-04-10  Jiro Isetani                      1.27 USD
2006-04-12  Moto Kawasaki                     100.00 USD
2006-04-13  Mike Tancsa                       100.00 CAD
2006-04-15  Mark Hobden                       50.00 CAD
2006-04-19  Anonymous                         10.00 CAD
2006-04-23  Paradigm Shift Security           75.00 USD
2006-04-23  Alex Burke                        20.00 GBP
2006-04-23  Anonymous                         100.00 USD
2006-04-24  Peter Skomoroch                   20.00 USD
2006-04-24  Edwin Groothuis                   100.00 AUD
2006-04-24  Adam McMaster                     20.00 USD
2006-04-24  Martin Jaokb                      50.00 EUR
2006-04-24  Frank Cameron                     75.00 USD
2006-04-24  Petr Wolf                         10.00 USD
2006-04-24  Paul Hoffman                      25.00 USD
2006-04-24  Andrew Sousa                      50.00 USD
2006-04-24  Rong-En Fan                       100.00 USD
2006-04-25  pil.dk                            1000.00 USD
2006-04-25  Naoyuki Tai                       50.00 USD
2006-04-25  Anonymous                         50.00 USD
2006-04-25  Yung Chen Hung                    30.00 USD
2006-04-25  Alson van der Meulen              10.00 EUR
2006-04-26  InsideSystems                     87.88 CAD
2006-04-27  Lace Media, LLC                   30.00 USD
2006-04-27  Rainer Duffner                    100.00 EUR
2006-04-28  Pair Networks                     6500.00 USD

Total received: $14,868.78 Canadian (out of a target of $15,000).
Considering that the Canadian dollar has increased by 5% against the US
dollar in the past month, and my bank will be paying about $130 of
interest on this money between now and the end of August, I'm satisfied
that I've reached my target.

6. What happens if I get too much / too little money?

If I don't reach my target of $15,000 Canadian, I'll get as much done as
possible within the time paid for before returning to other paying work
(most likely at Simon Fraser University again).

If I receive more than $15,000 Canadian in donations, I'll contact the
donors whose donations went past the target and offer them the option
of having their donations refunded.

7. When do I plan on doing this?

Between 1 May 2006 and 31 August 2006, with the exception of the last
week in July (due to a long-planned holiday at a music camp).

8. While I'm doing this, will I fix <insert bug here>?

9. While I'm doing this, will I add <insert feature here>?

If it relates to FreeBSD Update or Portsnap, probably. Send me an
email and explain the problem, and I'll add it to the list of things
I'll try to handle if I have time.

Things which people have already asked for:

Adding an option to FreeBSD Update to display its version number.

Adding a mechanism to FreeBSD Update to identify which advisories have
been fixed by a patch.

Making sure that FreeBSD Update updates linker.hints after replacing a
KLD.

Teaching freebsd-update cron about the MAILTO environment variable.

Using relative symlinks in FreeBSD Update's internal database so that
it can be moved from /usr/local/freebsd-update to somewhere else.

Distributing custom kernels via FreeBSD Update with support for ALTQ.

Distributing custom kernels via FreeBSD Update without anything which
can later be kldloaded.

Teaching portsnap to use a different mirror if the first one it tries
is inaccessible.

Making portsnap more intelligent about mirrors and proxies -- all the
mirrors should have the same files, but at present the "pick a random
mirror" strategy means that proxies will end up caching the data
multiple times.

Teaching portsnap to parse the output of older versions of host(1) when
looking up the list of mirrors available.

Making FreeBSD Update warn about releases which are about to reach their
EoL or have already done so.

Investigating reported differences in performance between mirrors and
any link to network RTT.

Considering extending the portsnap approach to src, doc, and www trees
(I've already thought about this and can't see any way to do this
efficiently; but it's possible that I'll come up with something...).

10. Are donations tax-deductible?

I'm not a tax lawyer, but my basic understanding is as follows:

I'm not a charity, so you can't claim these donations as a charitable
donation.

Legally speaking, this is contract work, so companies can claim any
donations they make as business expenses. I will issue invoices upon
request.

11. What about sales/income taxes?

My understanding is that I do not need to charge sales tax to anyone
since my total revenues ($15,000, hopefully) are below the "small
supplier" threshold of $30,000.

I have to pay personal income tax on the money I receive from this, but
this is something I will handle myself (in early 2007, when I complete
my income tax return for the 2006 tax year).

12. What progress have I made so far?

After I start work in May 2006, I'll post reports on my progress on my
quasi-blog, Daemonic Dispatches. I can't guarantee that it will be
entirely up to date -- I'm not much of a blogger -- but it should at
least provide some idea of my progress.